54 matches found
CVE-2026-50282
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
CVE-2026-50282 Craft CMS: Unauthorized Deletion of Destination Folders During Forced Moves
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
EUVD-2026-41416
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
CVE-2026-50282
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
PT-2026-55266
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...
CVE-2026-50283
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...
CVE-2026-41048
CVE-2026-41048 describes an authentication caching bug in qSnapper prior to version 1.3.3 where caching between different polkit methods could allow a local attacker to perform privileged actions (e.g., restore from a snapshot) even when the user should only be able to delete snapshots. Affected ...
EUVD-2026-38272
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...
GHSA-RMQR-H98C-QG2M Duplicate Advisory: phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gh9p-q46p-57g2. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with...
CVE-2026-45008 phpMyFAQ - Path Traversal in Client::deleteClientFolder via URL Parameter
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...
CVE-2026-45008
CVE-2026-45008 affects phpMyFAQ up to version 4.1.2 and describes a path traversal vulnerability in the Client::deleteClientFolder function. An admin with INSTANCE_DELETE permission can submit a crafted client URL parameter (for example using sequences like ../../../) to traverse outside the inte...
EUVD-2026-30593
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...
CVE-2026-45008 phpMyFAQ - Path Traversal in Client::deleteClientFolder via URL Parameter
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...
BIT-GRAFANA-2026-28374 IDOR in Annotations API allows unprivileged users to DELETE annotation
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...
PT-2026-41355
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...
GHSA-FWJ3-42WH-8673 FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion
Summary Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an unauthenticated attacker possessing a valid public share hash with delete permissions enabled can delete...
phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
Summary Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...
Directory Traversal
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Directory Traversal in the deleteClientFolder process. An attacker can delete arbitrary directories on the server by submitting a crafted URL containing...
PT-2026-38413
Name of the Vulnerable Software and Affected Versions FileBrowser Quantum versions prior to 1.3.1-stable FileBrowser Quantum versions prior to 1.3.9-beta Description Attacker-controlled path input is joined with a trusted base path before sanitization, enabling the use of traversal sequences such...
CVE-2026-35488
CVE-2026-35488 affects Tandoor Recipes where RecipeBookViewSet and RecipeBookEntryViewSet exposed a flawed CustomIsShared permission: has_object_permission() returns True for all HTTP methods, letting shared (read-only) users delete or overwrite a RecipeBook. The root cause is the permission chec...